diff -u clamav-0.90.2/debian/changelog clamav-0.90.2/debian/changelog
--- clamav-0.90.2/debian/changelog
+++ clamav-0.90.2/debian/changelog
@@ -1,3 +1,14 @@
+clamav (0.90.2-0ubuntu1.5) feisty-security; urgency=low
+
+ * Security UPDATE: Remode code execution
+ libclamav/mspack.c: Off-by-one error in LZX_READ_HUFFSYM
+ libclamav/pe.c: MEW PE File Integer Overflow
+ * References
+ CVE-2007-6335
+ CVE-2007-6336
+
+ -- Leonel Nunez Wed, 19 Dec 2007 22:16:49 +0000
+
 clamav (0.90.2-0ubuntu1.4) feisty-security; urgency=low
 
 * SECURITY UPDATE: Remote DoS and Remote code execution (LP: #141073).
only in patch2:
unchanged:
--- clamav-0.90.2.orig/debian/patches/59_cve-2007-6336.dpatch
+++ clamav-0.90.2/debian/patches/59_cve-2007-6336.dpatch
@@ -0,0 +1,19 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 59_cve-2007-6336.dpatch by Leonel Nunez
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad clamav-0.90.2~/libclamav/mspack.c clamav-0.90.2/libclamav/mspack.c
+--- clamav-0.90.2~/libclamav/mspack.c 2007-02-17 19:13:42.000000000 +0000
++++ clamav-0.90.2/libclamav/mspack.c 2007-12-19 22:16:34.000000000 +0000
+@@ -729,7 +729,7 @@
+
+ #define LZX_ENSURE_BITS(nbits) \
+ while (bits_left < (nbits)) { \
+- if (i_ptr >= i_end) { \
++ if (i_ptr + 1 >= i_end) { \
+ if (lzx_read_input(lzx)) return lzx->error; \
+ i_ptr = lzx->i_ptr; \
+ i_end = lzx->i_end; \
only in patch2:
unchanged:
--- clamav-0.90.2.orig/debian/patches/58_cve-2007-6335.dpatch
+++ clamav-0.90.2/debian/patches/58_cve-2007-6335.dpatch
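Review bot: In 59_cve-2007-6336.dpatch the new bound `if (i_ptr + 1 >= i_end) { \` in LZX_ENSURE_BITS is written as arithmetic on the cursor, and nothing in the patch records why two readable bytes are required (presumably the macro consumes input two bytes at a time). Comparing the remaining length instead, `if (i_end - i_ptr < 2) { \`, states the requirement directly and, if `i_end` can be the end of the buffer object, avoids forming a pointer past one-past-the-end when `i_ptr == i_end`. The rest of the macro lies outside the hunk, so it is not visible whether a refill by `lzx_read_input` that delivers only one byte is rechecked before the read; that is worth confirming. The dpatch header also still says `## DP: No description.`; a line such as `## DP: Require two readable input bytes in LZX_ENSURE_BITS (CVE-2007-6336).` would make the patch self-explanatory.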
@@ -0,0 +1,50 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 58_cve-2007-6335.dpatch by Leonel Nunez
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad clamav-0.90.2~/libclamav/pe.c clamav-0.90.2/libclamav/pe.c
+--- clamav-0.90.2~/libclamav/pe.c 2007-02-27 09:55:09.000000000 +0000
++++ clamav-0.90.2/libclamav/pe.c 2007-12-19 22:15:43.000000000 +0000
+@@ -77,6 +77,19 @@
+ #define PEALIGN(o,a) (((a))?(((o)/(a))*(a)):(o))
+ #define PESALIGN(o,a) (((a))?(((o)/(a)+((o)%(a)!=0))*(a)):(o))
+
++#define CLI_UNPSIZELIMITS(NAME,CHK) \
++if(ctx->limits && ctx->limits->maxfilesize && (CHK) > ctx->limits->maxfilesize) { \
++ cli_dbgmsg(NAME": Sizes exceeded (%lu > %lu)\n", (CHK), ctx->limits->maxfilesize); \
++ free(section_hdr); \
++ free(exe_sections); \
++ if(BLOCKMAX) { \
++ *ctx->virname = "PE."NAME".ExceededFileSize"; \
++ return CL_VIRUS; \
++ } else { \
++ return CL_CLEAN; \
++ } \
++}
++
+ extern short cli_leavetemps_flag;
+
+ struct offset_list {
+@@ -1157,17 +1170,8 @@
+ dsize = exe_sections[i].vsz;
+
+ cli_dbgmsg("MEW: ssize %08x dsize %08x offdiff: %08x\n", ssize, dsize, offdiff);
+- if(ctx->limits && ctx->limits->maxfilesize && (ssize + dsize > ctx->limits->maxfilesize || exe_sections[i + 1].rsz > ctx->limits->maxfilesize)) {
+- cli_dbgmsg("MEW: Sizes exceeded (ssize: %u, dsize: %u, max: %lu)\n", ssize, dsize , ctx->limits->maxfilesize);
+- free(section_hdr);
+- free(exe_sections);
+- if(BLOCKMAX) {
+- *ctx->virname = "PE.MEW.ExceededFileSize";
+- return CL_VIRUS;
+- } else {
+- return CL_CLEAN;
+- }
+- }
++ CLI_UNPSIZELIMITS("MEW", MAX(ssize, dsize));
++ CLI_UNPSIZELIMITS("MEW", MAX(ssize + dsize, exe_sections[i + 1].rsz));
+
+ /* allocate needed buffer */
+ if (!(src = cli_calloc (ssize + dsize, sizeof(char)))) {
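Review bot: The overflow guard added to the MEW branch in 58_cve-2007-6335.dpatch only runs when `ctx->limits` and `ctx->limits->maxfilesize` are set, so with limits disabled `ssize + dsize` can still wrap before `cli_calloc (ssize + dsize, sizeof(char))`. An unconditional wrap check ahead of the two CLI_UNPSIZELIMITS calls, e.g. `if (ssize + dsize < ssize) { free(section_hdr); free(exe_sections); return CL_CLEAN; }` (assuming both are unsigned, as the `%08x` debug format suggests), would close that case. Separately, the macro prints `(CHK)` with `%lu` while the removed code printed ssize and dsize with `%u`, so the argument probably needs a cast, `(unsigned long)(CHK)`. The macro also hides a `return` and two `free` calls and depends on locals named `ctx`, `section_hdr` and `exe_sections`; a short comment above the `#define` saying so would help the next reader. The enclosing function starts and ends outside the hunk.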